Forbes Subscription Website Hacked

The Forbes magazine subscription website was recently reported to have been infected with the Magecart malware, which steals credit card information from shoppers as they subscribe online. This is only the most recent example of this malware in use; past victims include British Airways, Newegg and many others.

Commentary: A great illustration of how companies are vulnerable in ways they may never have considered. Even if the subscription website had been coded perfectly, all it takes is for a malicious agent to penetrate the company's network somewhere else, or to compromise some aspect of the website software or the underlying server or systems, to implant the malware. Again, attackers need to succeed only once, in one area, to get the access they need to achieve their aims. Defenders need to succeed in all areas, all the time, to keep them out.

Likely Threat(s): Criminals
Likely Motive(s): Theft
Likely Means: 5 Attack the Servers?
Opportunities: Asset Management, Vulnerability Management, Secure Configurations, Pen Testing, Malware Controls

